On 10/21/23 17:28, Nilesh Patra wrote:
I have pushed a small change with reasoning to properly fix those. However, I have two
questions to ask:
* Why is the groupname of soju user names "ssl-cert" and not soju itself?
* Do we expect a "ssl-group" to be commonly present in linux systems? If
not (it isn't on mine), should it not be:
- Created in d/postinst? -- There is no groupadd or --ingroup with
adduser
- Removed in d/postrm? -- no delgroup
The group is added by the "ssl-cert" package[0] package which soju has a Depends: on, and it's added as a supplementary group to the soju user and not as the primary group. That group generates self-signed TLS certificates that the package can use in the default configuration, instead of shipping a default configuration with a plaintext listener which is heavily discouraged by upstream and something I'd rather not do regardless.
[0]: https://tracker.debian.org/pkg/ssl-cert Taavi
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature